© all rights reserved. no copies may be made without the express written consent of affiliated...

© All rights reserved. No copies may be made without the express written consent of Affiliated Monitors, Inc.

www.affiliatedmonitors.comEric R. FeldmanSenior Vice President and Managing DirectorCorporate Ethics and Compliance Programs Affiliated Monitors, Inc.

“IT’S NOT JUST TONE AT THE TOP”:HOW COMPANIES CAN BUILD A

CORPORATE ETHICAL CULTURE AND PREVENT FRAUD

ACFE SAN FRANCISCOSEPTEMBER 11, 2015

1


BACKGROUNDRetired from CIA in April 2011 with 32 years of federal service Government Accountability Office Department of Defense CIA/National Reconnaissance Office IG Senior Advisor for Procurement Integrity

2

Different perspectives on business ethics: senior agency official, law enforcement, corporate

consultant, independent monitor


WHAT IS BUSINESS ETHICS?

3


A system of proper conduct principles in the workplacethat applies society’s ethical norms to business dealings

determined by:

4

Code of Conduct

Code of Ethics

Policies and Procedures

© All rights reserved. No copies may be made without the express written consent of Affiliated Monitors, Inc. 5

ETHICS

COMPLIANCE

VS


ETHICS

6

Largely rule-based “SOX” Code of Conduct 2008 Economic Meltdown


ETHICS VS. COMPLIANCE

“Some companies have given up entirely on trying to figure out what’s ethical and are instead using what’s legal as their standard for decision-making…the result is moral bankruptcy.” –Kevin Rollins, president Dell Computer Corporation

7


COMPLIANCE

8

Ruling Philosophies: “As long as it’s legal, it’s ethical.” “As long as it’s not illegal, it’s okay.”

“If you can’t look yourself in the mirror for something you’re about to do, don’t do it.”

-Peter Drucker


CULTURE OF COMPLIANCE“Our rules alone won’t be enough. Our rules never have been enough, are not enough today, and never will be enough. What’s really needed is a change of mindset—one that fosters not only a ‘culture of compliance’ but also a company-wide environment that fosters ethical behavior and decision-making.”

–William Donaldson Former chair, SEC

9


WHAT IS ETHICAL CULTURE?

10


It’s how things are “really done around here.”

11


WHAT IS ETHICAL CULTURE? Donaldson says it is instilling “a company-wide commitment

to do the right thing this time, and every time.” Ethical behavior must become “the core of the company’s

essential DNA,” shared by every employee. A firm’s leaders must have the courage and commitment to

question whether a practice is truly ethical or truly in the best interest of clients and customers.

Donaldson: “Customers must always come before the balance sheet and not the other way around.”

12


IMPACT OF CULTURE ON MISCONDUCT

.

13

2013 National Business Ethics Survey of the U.S. Workforce, p. 18. ©2014 Ethics Resources Center. www.ethics.org/nbes

http://www.ethics.org/nbes


ETHICAL CULTURES REBOUNDING AFTER 2011 DIP

.

14

2013 National Business Ethics Survey of the U.S. Workforce, p. 17. ©2014 Ethics Resources Center. www.ethics.org/nbes


WHAT IS AN ETHICS AND COMPLIANCE PROGRAM?

Corporate code of conduct

Business ethics

Corporate compliance

Anti-fraud programs

Anti-corruption programs

Enterprise risk management

Corporate risk assessments

Fraud risk assessment

Process of assessing risks and vulnerabilities and the adequacy of controls in place to manage those risks.

15


FEDERAL SENTENCING GUIDELINES Goal: “Promote an organizational culture that

encourages ethical conduct and a commitment to compliance.”

Deter and punish corporate crime via sentencing. Reduce fraud and other misconduct through strong

ethics and compliance programs. Seven steps: “The Gold Standard.”

1616


FEDERAL SENTENCING GUIDELINES

1. Written Compliance Standards and Procedures Code of conduct Anti-fraud/corruption program Non-retaliation policy

2. Accountability and Oversight at the Top Board of directors CEO/leadership team

17


FEDERAL SENTENCING GUIDELINES3. Due Diligence in Selecting Staff

Ethics and compliance team Individuals with discretionary authority

4. Adequate Training and Communication Management expectations Training in relevant requirements

5. Robust Monitoring and Auditing Anonymous reporting mechanism Continual program assessment

18


FEDERAL SENTENCING GUIDELINES

6. Effective Incentives and Discipline Carrot and stick Alignment of ethics/integrity and financial objectives Incentives for good ethical decision-making Consistent enforcement actions

7. Prompt and Reasonable Response to Criminal Conduct

Full internal investigation Government notifications Internal remediation/self-improvement

19


BENEFITS OF THE SEVEN STEPS Sentencing reduction: 3–5 points Leniency in prosecution decisions

U.S. Attorney’s Manual re: charging factors Quicker and more favorable settlements

Avoid suspension or debarment Strengthen ethical culture Better manage fraud risk

20


“WE’RE ALREADY AN ETHICAL COMPANY” What is the culture like outside of the C Suite? Risk of bad actors Regulatory complexity Aggressive enforcement

DOJ SEC Suspension and debarment Health care

Foreign Corrupt Practices Act (FCPA) Global economy Enforcement Materiality

21


SENTENCING GUIDELINE UPDATES (THRU 2014)

Response to criminal conduct Reasonable steps to remedy harm Restitution Self-reporting Cooperation Modifications to program (outside advisors)

High-level misconduct “okay” CECO reporting relationships Self-detection Prompt reporting Ethics officials not involved

22


Sentencing of Organizations “These guidelines offer incentives to organizations to reduce and ultimately eliminate criminal conduct by providing a structural foundation from which an organization may self-police its own conduct through an effective compliance and ethics program. The prevention and detection of criminal conduct, as facilitated by an effective compliance and ethics program, will assist an organization in encouraging ethical conduct and in complying fully with all applicable laws.”

23From U.S. Sentencing Commission, 2014 Guidelines Manual, Chapter 8 - Introductory Commentary


Sentencing Guideline Updates (THRU 2014) Ethics and Compliance at High Level

“Specific individual(s) within the organization shall be delegated day-to-day operational responsibility for the compliance and ethics program. Individual(s) with operational responsibility shall report periodically to high-level personnel and, as appropriate, to the governing authority, or an appropriate subgroup of the governing authority, on the effectiveness of the compliance and ethics program. To carry out such operational responsibility, such individual(s) shall be given adequate resources, appropriate authority, and direct access to the governing authority or an appropriate subgroup of the governing authority.”

24From U.S. Sentencing Commission, 2014 Guidelines Manual, §8B2.1.(b)(2)(C)


Sentencing Guideline Updates (THRU 2014)“As Appropriate” = At Least Annually

“If the specific individual(s) assigned overall responsibility for the compliance and ethics program does not have day-to-day operational responsibility for the program, then the individual(s) with day-to-day operational responsibility for the program typically should, no less than annually, give the governing authority or an appropriate subgroup thereof information on the implementation and effectiveness of the compliance and ethics program.”

25From U.S. Sentencing Commission, 2014 Guidelines Manual, §8B2.1 Commentary: Application Note 3


Sentencing Guideline Updates (THRU 2014)Organizational Carrots

“The organization’s compliance and ethics program shall be promoted and enforced consistently throughout the organization through (A) appropriate incentives to perform in accordance with the compliance and ethics program; and (B) appropriate disciplinary measures for engaging in criminal conduct and for failing to take reasonable steps to prevent or detect criminal conduct.”

26


Sentencing Guideline Updates (THRU 2014)Evaluate Effectiveness

“The organization shall take reasonable steps—…to evaluate periodically the effectiveness of the organization's compliance and ethics program…”

27From U.S. Sentencing Commission, 2014 Guidelines Manual, §8B2.1(b)(5)


Sentencing Guideline Updates (THRU 2014)Offer Confidentiality

“The organization shall take reasonable steps—…to have and publicize a system, which may include mechanisms that allow for anonymity or confidentiality, whereby the organization’s employees and agents may report or seek guidance regarding potential or actual criminal conduct without fear of retaliation.”

28From U.S. Sentencing Commission, 2014 Guidelines Manual, §8B2.1(b)(5)


Sentencing Guideline Updates (THRU 2014)Responsibility for Third Parties

Large organizations—A large organization generally shall devote more formal operations and greater resources in meeting the requirements of this guideline than shall a small organization. As appropriate, a large organization should encourage small organizations (especially those that have, or seek to have, a business relationship with the large organization) to implement effective compliance and ethics programs.

29From U.S. Sentencing Commission, 2014 Guidelines Manual, §8B2.1 Commentary: Application Note 2(C)(ii)


ETHICAL CULTURE DRIVES COMPLIANCE RISK

May 2014 RAND Symposium-Transforming Compliance Compliance without ethics doesn’t work. Period. Ethical norms shape the compliance risk. Tone at the top is a prerequisite for ethical culture. Boards need to be engaged; CECOs need to be empowered. Effective compliance reflects transparency/confidentiality

balance.

2013 NBES• Ethics culture drives employee conduct.• In the weakest cultures, 82% of misdeeds happened repeatedly.

30


“The Culture of any organization is shaped by the worst behavior the

leader is willing to tolerate”

- Gruenter and Whitaker

31


TEN QUESTIONS TO ASK WHEN TRYING TO STRENGTHEN A CORPORATE ETHICAL

CULTURE

1. What is the relationship between ethics and other performance metrics in the company? The leading factor in unethical behavior is pressure from management

or the board to meet unrealistic business objectives. Alignment of ethics and performance objectives is critical in

compensation, bonus, and promotion decisions.

2. Is our required ethics training more than a check-the-box exercise? Cascading training Scenario-based

32



CULTURE

3. Have we exercised due diligence in our hiring, promotions, and mergers/acquisitions? Due diligence in hiring Promotion screening Performance assessment elements

4. Have we conducted a risk assessment to identify weaknesses? What is our potential Enron? Perverse incentives Unintended consequences of goals and expectations Do WE have a “paper program”?

33



CULTURE

5. What is the tone at the top? Communicating the ethics message Proactive engagement CECO independence, authority, resources

6. What is the mood in the middle and the buzz at the bottom?

Immediate supervisors have greatest impact. Leadership skill represents a key asset/vulnerability. Leadership accountability or “executive protection program”?

34


Senior Level Managers Should Be Setting the Tone

35


Large Portion of Misconduct Committed by Managers

24%

19%

17%

36%

4%

Senior leaderMiddle ManagersFirst-line supervisors Non- management employeesOther

2013 National Business Ethics Survey :Business Ethics of the U.S. Workforce, Pg 20. Ethics Resource Center, http://www.ethics.org/nbes/



CULTURE

7. Who is responsible for paying attention to the ethical culture? Senior leadership intentions don’t always reflect reality. How are ethics incorporated into day-to-day business decisions? Active ethics messaging is a must.

8. Is our Code of Conduct more than shelfware? Is it referenced beyond new-employee orientation? Is it customized to our business? Has it been updated?

37



CULTURE

9. Are our employees familiar with and comfortable using reporting mechanisms? Is there a fear of retaliation? Is the Hotline or Helpline used regularly? Are reporting trends analyzed and used to strengthen the program?

10. Are we paying adequate attention to the ethical posture of third-parties? Third-party risks are high; due diligence is necessary. This is often the weakest area in ethics assessments.

38


“When everybody accepts personal responsibility to behave in ethical ways, you then hardly even have to think about it, because ethical behavior is your nature, not some artificial department… When leaders are open and exact in their observance of ethical codes, they inspire others to do the same.”

STEVEN COVEY: THE ETHICS OF TOTAL INTEGRITY

39


WHAT IT TAKES TO COMMIT FRAUD

41


FRAUD TRIANGLE AND ETHICAL CULTUREOpportunity Greatest when an employee perceives bad behavior is an accepted way

of doing business: culture Fear of retaliation prevents reportingRationalization Sense of entitlement high in cultures with low morale Perception of unfair treatment Incentives/rewards favoring ethically challenged and promote the wrong

behaviors Doing the “wrong” thing for the “right” reasonsPressure Unrealistic business objectives Ethics divorced from financial metrics

42


Organizational Stress Increases Misconduct


A. 10%B. 25%C. 50%D. 75%E. Depends on the circumstances

WHAT PERCENTAGE OF EMPLOYEES WOULD COMMIT FRAUD?

44


According to fraud experts: 10–20% of employees would never commit a fraud,

regardless of the situation.

60–80% of employees could become perpetrators if the situation was right.

10–20% of employees are basically dishonest and would steal if they got a chance.

THE 10-80-10 RULE

45


WHERE DO YOUR EMPLOYEES FALL?

10–20% 60–80% 10–20%

46


ETHICAL CULTURE AND FRAUD PREVENTION

Cost of fraud is staggering ACFE Report to the Nations: 5% loss Record False Claims Act 2014 settlements: $5 billion Record number of SEC/DOJ FCPA actions Record number of suspensions/debarments Loss of reputational capital

ROI of anti-fraud programs Duration and value of losses are reduced Reporting hotlines, training, code of conduct, and

reporting incentives all decrease fraud

47


THE ROI OF ANTI-FRAUD PROGRAMS

What is an anti-fraud program? Core values Code of conduct Independent CECO Ethics messaging Ethics training Rewards and incentives (aligned with values) Anonymous reporting hotline Investigative process Disciplinary process

48


Companies with Strong Ethics Culture Are Less Likely to Have Ongoing Misconduct

51

2013 National Business Ethics Survey :Business Ethics of the U.S. Workforce, P. 20. Ethics Resource Center, www.ethics.org/nbes


WHO’S WATCHING? Government Agency CustomersAgency Inspectors GeneralDefense Contract Audit Agency (DCAA)Federal Regulatory AgenciesDepartment of Justice

52


EXPANDED USE OF SUSPENSION AND DEBARMENT

Increased Government Scrutiny False Claims Procurement Integrity Act Violations FAR Violations Mandatory Disclosures Regulatory Violations Quality Control

Ethical culture is a key element considered in Suspension and Debarment Actions.

53


Ethical Culture Can Soften the Blow of Enforcement Actions

Morgan Stanley’s strong, well-documented compliance program and clear compliance directives from their managers protected the company from prosecution.

Johnson & Johnson avoided prosecution by abiding by a long list of Ethics and Compliance program requirements.

Fokker Services DPA was rejected by a court because it lacked a requirement of independent monitoring or regular reporting on the impact of its Ethics and Compliance program.

© all rights reserved. no copies may be made without the express written consent of affiliated...

Documents

business ethics

whats ethical

corporate ethical culture

directorcorporate ethics

ethics compliancevs

ethical behavior

societys ethical norms

culture of complianceour